Fake Wordpress site releasing backdoored code

0

Don’t mistype “wordpress.org” because you could end up downloading compromised code. Some hackers have set up www.wordpresz.org. The code sends cookie contents to a hacked program hosted on wordpresz.org and could expose passwords and other identifying information.

UPDATE – Looks dead now.

The backdoored pluggable.php file attempts to send the stolen data to wordpresz.org/tuk.php which is still accepting cookies if the requests are properly formatted. The spoof is a nearly perfect combination of social engineering, typosquatting and the natural EstDomains connection as the domain registrar, nearly perfect in the sense that they couldn’t duplicate the whole WordPress.org potentially raising suspicion at the end user’s end.

The site is on the same IP address as a fake pharmacy site, proving that scammers always ring twice.

0

CrunchBase

DescriptionWordPress.Org offers WordPress, web software that enables its users to create websites or blogs.
The website features themes, plug-ins, and introductory manuals for WordPress as well as related testimonials, fan art, and more. In addition, it offers online resources such as forums, mailing lists, events calendar, and others.